Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Moneypak virus [Solved]


  • This topic is locked This topic is locked

#1
Cowson1

Cowson1

    Member

  • Member
  • PipPip
  • 24 posts
Hello,

When I turn on my laptop and windows boots up, the FBI moneypak virus pops up and I can't do anything. However, I am able to run in safe mode with networking.

I'm running a Dell laptop with Windows Vista. And I've been using Norton antivirus, but the norton scan doesn't seem to help.

Any suggestions? Thanks!

Ive downloaded and run the OTL, which is pasted below:

OTL logfile created on: 7/30/2013 12:16:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.11% Memory free
6.18 Gb Paging File | 5.69 Gb Available in Paging File | 92.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 75.78 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.90 Gb Free Space | 58.99% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/25 19:04:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe


========== Modules (No Company Name) ==========

MOD - [2007/01/13 04:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 04:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2013/06/11 14:07:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/25 16:34:19 | 000,098,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR322.SYS -- (SMR322)
DRV - [2013/07/15 16:14:45 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130716.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/15 16:14:45 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130716.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/06/22 21:54:14 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 15:46:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130716.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/10 12:25:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/26 21:19:46 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 14:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Alan\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/03/04 19:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013/07/25 16:57:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DisplaySwitch] C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Templates\syssecurity.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.hotwaxsur...sCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0465C35F-1784-485D-83B9-261216A778BA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7FE9FF6-0764-4FEB-BABF-19BF0AFA3A40}: DhcpNameServer = 172.16.2.5 4.2.2.2 4.2.2.2
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\Shell - "" = AutoRun
O33 - MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/26 23:07:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/25 19:04:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/07/25 16:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SMR322
[2013/07/25 16:34:19 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR322.SYS
[2013/07/25 16:34:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\NPE
[2013/07/07 20:14:01 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Atari
[2013/07/07 20:13:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\RCT3
[2013/07/07 20:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013/07/07 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[1 C:\Users\Alan\Documents\*.tmp files -> C:\Users\Alan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/30 12:15:20 | 000,006,540 | ---- | M] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2013/07/25 19:04:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/07/25 17:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 17:00:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce060160f35200.job
[2013/07/25 16:56:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 16:56:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 16:34:19 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR322.SYS
[2013/07/25 14:51:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/25 14:50:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 14:50:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/15 03:08:21 | 334,106,655 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/07 20:15:57 | 000,060,928 | ---- | M] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/07 20:13:42 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2013/07/07 20:13:36 | 000,001,568 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2013/07/04 18:34:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/04 18:34:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/02 10:27:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[1 C:\Users\Alan\Documents\*.tmp files -> C:\Users\Alan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/07 20:13:42 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2013/07/07 20:13:36 | 000,001,568 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2013/07/04 18:34:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/04 18:34:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/02/13 13:00:48 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/11/06 16:39:18 | 000,000,043 | ---- | C] () -- C:\Users\Alan\jagex_cl_runescape_LIVE.dat
[2012/11/06 16:39:18 | 000,000,024 | ---- | C] () -- C:\Users\Alan\random.dat
[2011/06/04 22:46:13 | 000,001,940 | ---- | C] () -- C:\Users\Alan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/05/23 16:07:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/17 23:14:46 | 000,000,000 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2008/03/18 11:53:11 | 000,006,540 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2008/02/05 00:33:07 | 000,060,928 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 03:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/17 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\.minecraft
[2013/07/07 20:14:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Atari
[2013/06/03 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Catalina – Print Savings
[2009/03/20 01:26:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Leadertech
[2010/03/03 14:11:44 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TeamViewer
[2008/09/17 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
[2011/02/20 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Tific
[2010/10/26 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\VSO

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Alan\Documents\SANY0135.MP4:TOC.WMV

< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Cowson1, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (the desktop). Please post the contents of that file.

Please boot back into Safe Mode with Networking.


Step-1.

Download RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the Build 32 bits (x86): download button and save the RogueKiller.exe file to the desktop.
We will run it shortly.

Step-2.

Run this from Safe Mode with Networking.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Alan\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [DisplaySwitch] C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Templates\syssecurity.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.hotwaxsur...sCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\Shell - "" = AutoRun
O33 - MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:FILES ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Now see if you can boot into Windows normally. If you can't boot into Windows normally run the next tool from Safe Boot with networking.


Step-3.

Run RogueKiller

  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The RKreport.txt log
3. The Extras.txt log
  • 0

#3
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you, godawgs. I ran the OTL with the commands and was able to reboot into windows normally....so I didn't run the roguekiller. The OTL log is below, and I didn't see any "extras" file.

Thanks again.

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator\ deleted successfully.
File move failed. C:\Users\Alan\AppData\Roaming\CATALI~1\NPBCSK~1.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch deleted successfully.
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Templates\syssecurity.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
C:\Windows\Downloaded Program Files\AxisCamControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45d65276-d845-11dc-8f17-001c23fb6b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45d65276-d845-11dc-8f17-001c23fb6b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45d65276-d845-11dc-8f17-001c23fb6b34}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
Error: Unable to interpret <:FILES ipconfig /flushdns /c> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Alan
->Temp folder emptied: 72995138 bytes
->Temporary Internet Files folder emptied: 36802967 bytes
->Java cache emptied: 96503353 bytes
->Google Chrome cache emptied: 75295366 bytes
->Flash cache emptied: 602 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13188950 bytes
RecycleBin emptied: 914942904 bytes

Total Files Cleaned = 1,154.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07302013_212640

Files\Folders moved on Reboot...
File move failed. C:\Users\Alan\AppData\Roaming\CATALI~1\NPBCSK~1.DLL scheduled to be moved on reboot.
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE579.tmp not found!
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE57E.tmp not found!
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE5C4.tmp not found!
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE5C9.tmp not found!
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE5ED.tmp not found!
File\Folder C:\Users\Alan\AppData\Local\Temp\~DFE5F2.tmp not found!
File move failed. C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKDABGSH\%2525253DClick%25252526b%2525253Drp220.ovq.wiz.cebq2%25252526message%2525253DeJwNjLsOwkAMBP9l6yvw2veQu6uCoEAGUaeLKKJ0VBH_jrudkWZPCBzv7XPcYj6ur3l_xhIRk[1].htm scheduled to be moved on reboot.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKDABGSH\332182-fbi-moneypak-virus[1].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKDABGSH\ads[3].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKDABGSH\data_sync[1].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3IR2ZG\ads[3].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3IR2ZG\follow_button[1].html moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3IR2ZG\like[1].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3IR2ZG\roguekiller[1].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUXSXDST\zrt_lookup[1].html moved successfully.
File move failed. C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1C7JZPT\%2525253DClick%25252526b%2525253Drp220.ovq.wiz.cebq2%25252526message%2525253DeJwNjLsOwkAMBP9l6yvw2veQu6uCoEAGUaeLKKJ0VBH_jrudkWZPCBzv7XPcYj6ur3l_xhIRk[1].htm scheduled to be moved on reboot.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1C7JZPT\ads[3].htm moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1C7JZPT\fastbutton[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thank you, godawgs.

You are welcome.

I ran the OTL with the commands and was able to reboot into windows normally....so I didn't run the roguekiller.

I'm glad to hear that Windows booted normally. I didn't make myself clear on the RogueKiller tool. I wanted it run in the normal Windows mode if possible and in the Safe Mode if you weren't able to boot into Windows normally. Since Windows will boot up normally please run it from the normal mode.

The OTL log is below, and I didn't see any "extras" file.

There should have been an Extras.txt file created the first time you ran OTL and saved in the same location a the OTL program file. In your case that would be on the desktop. But since you can't find it we will run another OTL scan and get one.

After you have run RogueKiller using the instructions in post #2 above let's get a fresh OTL scan.


Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • In the Extra Registry section, click the radio button beside Scan All Users<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your next reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreport.txt log
2. The new OTL.txt log
3. The Extras.txt log
  • 0

#5
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok. I ran the roguekiller and otl.

First is the roguekiller and the otl follows. I don't know why, but there is no extras.txt in the desktop folder...or any folder. All that is contained in the desktop folder is the otl.txt.

Is there something that I'm doing wrong?

Thank you again.

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Alan [Admin rights]
Mode : Scan -- Date : 07/31/2013 14:11:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Alan][SUSP PATH] RollerCoaster Tycoon 3 Registration.lnk : C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk @C:\Users\Alan\AppData\Local\Temp\{00D000B7-3CBF-4C98-A8F3-063F367D50C7}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY" [-][x][x] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x824A1EE9 -> HOOKED (Unknown @ 0x872ACD50)
[Address] SSDT[14] : NtAlertThread @ 0x82407305 -> HOOKED (Unknown @ 0x872ACE10)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8243EE68 -> HOOKED (Unknown @ 0x87E5A648)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x823F84F3 -> HOOKED (Unknown @ 0x87D074A8)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x823CC211 -> HOOKED (Unknown @ 0x872AC5D8)
[Address] SSDT[67] : NtCreateMutant @ 0x82442F77 -> HOOKED (Unknown @ 0x872ACB00)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x823E53FB -> HOOKED (Unknown @ 0x872AC2F8)
[Address] SSDT[78] : NtCreateThread @ 0x824A0560 -> HOOKED (Unknown @ 0x87E5AA90)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x82473AD8 -> HOOKED (Unknown @ 0x872AC6B8)
[Address] SSDT[129] : NtDuplicateObject @ 0x82406231 -> HOOKED (Unknown @ 0x87E5A7D8)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x8229DCE7 -> HOOKED (Unknown @ 0x87E5A460)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x823C7257 -> HOOKED (Unknown @ 0x872ACBD0)
[Address] SSDT[158] : NtImpersonateThread @ 0x823D9980 -> HOOKED (Unknown @ 0x872ACC90)
[Address] SSDT[165] : NtLoadDriver @ 0x8237BAD0 -> HOOKED (Unknown @ 0x87D03758)
[Address] SSDT[177] : NtMapViewOfSection @ 0x82430AFE -> HOOKED (Unknown @ 0x87E5A380)
[Address] SSDT[184] : NtOpenEvent @ 0x823F2451 -> HOOKED (Unknown @ 0x872ACA40)
[Address] SSDT[194] : NtOpenProcess @ 0x8241DEF2 -> HOOKED (Unknown @ 0x87E5A978)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8241967B -> HOOKED (Unknown @ 0x87E5A718)
[Address] SSDT[197] : NtOpenSection @ 0x82434BA2 -> HOOKED (Unknown @ 0x872AC8C0)
[Address] SSDT[201] : NtOpenThread @ 0x8240E57A -> HOOKED (Unknown @ 0x87E5A8A8)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x82442C7E -> HOOKED (Unknown @ 0x872AC4E8)
[Address] SSDT[282] : NtResumeThread @ 0x8240D924 -> HOOKED (Unknown @ 0x872ACED0)
[Address] SSDT[289] : NtSetContextThread @ 0x824A1233 -> HOOKED (Unknown @ 0x87E5A130)
[Address] SSDT[305] : NtSetInformationProcess @ 0x82440A24 -> HOOKED (Unknown @ 0x87E5A1F0)
[Address] SSDT[317] : NtSetSystemInformation @ 0x82403722 -> HOOKED (Unknown @ 0x872AC798)
[Address] SSDT[330] : NtSuspendProcess @ 0x824A1E23 -> HOOKED (Unknown @ 0x872AC980)
[Address] SSDT[331] : NtSuspendThread @ 0x8245ECEA -> HOOKED (Unknown @ 0x872ACF90)
[Address] SSDT[334] : NtTerminateProcess @ 0x823EF2F0 -> HOOKED (Unknown @ 0x87E5AB70)
[Address] SSDT[335] : NtTerminateThread @ 0x8241BAF3 -> HOOKED (Unknown @ 0x87E5A070)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x82431155 -> HOOKED (Unknown @ 0x87E5A2C0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x8241A033 -> HOOKED (Unknown @ 0x87E5A530)
[Address] SSDT[382] : NtCreateThreadEx @ 0x8240DF82 -> HOOKED (Unknown @ 0x872AC3E8)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x872B23F8)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87DFFD58)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87DFEDE0)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x884A0108)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x872B5BE0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x87DEF048)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x87DEF1E8)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87DEF118)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x884AE6F8)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8720EA48)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1637GSX +++++
--- User ---
[MBR] 605e7dfe802aa91bca2f83339254b0ef
[BSP] 69a577cfd462274758ec500c84e5c42e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 139747 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307335168 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07312013_141155.txt >>



OTL logfile created on: 7/31/2013 2:18:42 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 46.97% Memory free
6.19 Gb Paging File | 4.77 Gb Available in Paging File | 77.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 73.20 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.90 Gb Free Space | 58.99% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 14:16:29 | 001,173,456 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_FBAD1.tmp\setup.exe
PRC - [2013/07/30 21:24:26 | 000,916,992 | ---- | M] () -- C:\Users\Alan\Desktop\RogueKiller.exe
PRC - [2013/07/30 10:30:00 | 000,784,224 | ---- | M] () -- C:\Program Files\Google\Update\Install\{78C8AD34-C85B-4746-BE99-4E442A0EE312}\28.0.1500.95_28.0.1500.72_chrome_updater.exe
PRC - [2013/07/25 19:04:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/07/13 20:09:10 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/11 14:07:18 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/03/20 01:26:33 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/01/19 03:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/09/24 05:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 05:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 05:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 05:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 14:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/10 11:15:15 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/07/10 11:15:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/07/10 11:09:41 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/07/10 11:09:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/09/11 10:33:14 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/11/10 16:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/03/20 01:26:29 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2008/08/14 17:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 17:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2007/09/26 06:47:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/03/21 15:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2013/06/11 14:07:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 14:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 17:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/31 14:05:12 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
DRV - [2013/07/15 16:14:45 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130730.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/15 16:14:45 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130730.032\NAVENG.SYS -- (NAVENG)
DRV - [2013/06/22 21:54:14 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 15:46:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130730.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/10 12:25:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/26 21:19:46 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 14:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/03/04 19:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013/07/31 13:58:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2468812848-2866485082-18913617-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0465C35F-1784-485D-83B9-261216A778BA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7FE9FF6-0764-4FEB-BABF-19BF0AFA3A40}: DhcpNameServer = 172.16.2.5 4.2.2.2 4.2.2.2
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\RK_Quarantine
[2013/07/30 21:26:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/26 23:07:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/25 19:04:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/07/25 16:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SMR322
[2013/07/25 16:34:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\NPE
[2013/07/07 20:14:01 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Atari
[2013/07/07 20:13:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\RCT3
[2013/07/07 20:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013/07/07 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[1 C:\Users\Alan\Documents\*.tmp files -> C:\Users\Alan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/31 14:28:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/31 14:07:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 14:05:12 | 000,015,616 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2013/07/31 14:00:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce060160f35200.job
[2013/07/31 13:58:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 13:58:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 13:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 13:57:34 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/31 12:54:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/30 21:24:26 | 000,916,992 | ---- | M] () -- C:\Users\Alan\Desktop\RogueKiller.exe
[2013/07/30 18:17:34 | 000,006,540 | ---- | M] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2013/07/25 19:04:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/07/15 03:08:21 | 334,106,655 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/07 20:15:57 | 000,060,928 | ---- | M] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/07 20:13:42 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2013/07/07 20:13:36 | 000,001,568 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2013/07/04 18:34:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/04 18:34:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/02 10:27:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[1 C:\Users\Alan\Documents\*.tmp files -> C:\Users\Alan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/31 14:05:12 | 000,015,616 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2013/07/30 21:31:55 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/30 21:24:23 | 000,916,992 | ---- | C] () -- C:\Users\Alan\Desktop\RogueKiller.exe
[2013/07/07 20:13:42 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2013/07/07 20:13:36 | 000,001,568 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2013/07/04 18:34:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/04 18:34:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/02/13 13:00:48 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/11/06 16:39:18 | 000,000,043 | ---- | C] () -- C:\Users\Alan\jagex_cl_runescape_LIVE.dat
[2012/11/06 16:39:18 | 000,000,024 | ---- | C] () -- C:\Users\Alan\random.dat
[2011/06/04 22:46:13 | 000,001,940 | ---- | C] () -- C:\Users\Alan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/05/23 16:07:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/17 23:14:46 | 000,000,000 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2008/03/18 11:53:11 | 000,006,540 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2008/02/05 00:33:07 | 000,060,928 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 03:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/17 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\.minecraft
[2013/07/07 20:14:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Atari
[2013/07/31 02:32:29 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Catalina – Print Savings
[2009/03/20 01:26:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Leadertech
[2010/03/03 14:11:44 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TeamViewer
[2008/09/17 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
[2011/02/20 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Tific
[2010/10/26 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\VSO

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2008/01/19 03:33:47 | 000,328,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008/04/18 01:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/19 03:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/03/03 00:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2008/01/19 03:34:03 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 05:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/06/18 23:31:48 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2008/01/19 03:36:37 | 000,310,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/19 03:36:45 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2008/06/25 23:29:02 | 000,565,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/19 03:36:15 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/03/03 00:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2008/01/19 03:37:10 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:24:40 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 08:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/01/19 03:33:22 | 002,623,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/06 07:09:57 | 000,603,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2008/01/19 03:36:39 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 08:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2008/01/19 03:36:11 | 000,153,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2008/01/19 03:33:34 | 001,054,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2008/01/19 03:33:45 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2008/01/19 03:33:45 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:53 | 001,013,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2008/01/19 03:34:53 | 000,393,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2008/01/19 03:36:53 | 000,452,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2008/01/19 03:33:16 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2008/01/19 03:36:59 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/08/06 22:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2008/01/19 03:34:05 | 000,175,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:32:52 | 000,513,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 08:12:29 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/25 11:54:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/25 11:54:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/10/06 01:20:57 | 000,001,688 | ---- | M] () MD5=929DFAC9652F751F2D92F76BA9685F2C -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/10/06 01:20:57 | 000,001,688 | ---- | M] () MD5=929DFAC9652F751F2D92F76BA9685F2C -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
[2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 5A4F-0DC9
Directory of C:\
02/05/2008 12:25 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/05/2008 12:25 AM <JUNCTION> Application Data [C:\ProgramData]
02/05/2008 12:25 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/05/2008 12:25 AM <JUNCTION> Documents [C:\Users\Public\Documents]
02/05/2008 12:25 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/05/2008 12:25 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/05/2008 12:25 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/05/2008 12:25 AM <SYMLINKD> All Users [C:\ProgramData]
02/05/2008 12:25 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Alan
02/05/2008 12:29 AM <JUNCTION> Application Data [C:\Users\Alan\AppData\Roaming]
02/05/2008 12:29 AM <JUNCTION> Cookies [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Cookies]
02/05/2008 12:29 AM <JUNCTION> Local Settings [C:\Users\Alan\AppData\Local]
02/05/2008 12:29 AM <JUNCTION> My Documents [C:\Users\Alan\Documents]
02/05/2008 12:29 AM <JUNCTION> NetHood [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/05/2008 12:29 AM <JUNCTION> PrintHood [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/05/2008 12:29 AM <JUNCTION> Recent [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Recent]
02/05/2008 12:29 AM <JUNCTION> SendTo [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\SendTo]
02/05/2008 12:29 AM <JUNCTION> Start Menu [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu]
02/05/2008 12:29 AM <JUNCTION> Templates [C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Alan\AppData\Local
02/05/2008 12:29 AM <JUNCTION> Application Data [C:\Users\Alan\AppData\Local]
02/05/2008 12:29 AM <JUNCTION> History [C:\Users\Alan\AppData\Local\Microsoft\Windows\History]
02/05/2008 12:29 AM <JUNCTION> Temporary Internet Files [C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Alan\AppData\LocalLow
01/20/2012 01:10 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Alan\Documents
02/05/2008 12:29 AM <JUNCTION> My Music [C:\Users\Alan\Music]
02/05/2008 12:29 AM <JUNCTION> My Pictures [C:\Users\Alan\Pictures]
02/05/2008 12:29 AM <JUNCTION> My Videos [C:\Users\Alan\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/05/2008 12:25 AM <JUNCTION> Application Data [C:\ProgramData]
02/05/2008 12:25 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/05/2008 12:25 AM <JUNCTION> Documents [C:\Users\Public\Documents]
02/05/2008 12:25 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/05/2008 12:25 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/05/2008 12:25 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/05/2008 12:25 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/05/2008 12:25 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/05/2008 12:25 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/05/2008 12:25 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
02/05/2008 12:25 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/05/2008 12:25 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/05/2008 12:25 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/05/2008 12:25 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/05/2008 12:25 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/05/2008 12:25 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/05/2008 12:25 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/05/2008 12:25 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/05/2008 12:25 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/05/2008 12:25 AM <JUNCTION> My Music [C:\Users\Default\Music]
02/05/2008 12:25 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/05/2008 12:25 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/05/2008 12:25 AM <JUNCTION> My Music [C:\Users\Public\Music]
02/05/2008 12:25 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/05/2008 12:25 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 78,930,034,688 bytes free

< >
[2006/11/02 09:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:49 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/10/16 17:40:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/12/24 19:33:10 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/02/08 09:37:03 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce060160f35200.job

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Alan\Documents\SANY0135.MP4:TOC.WMV

< End of report >
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I don't know why, but there is no extras.txt in the desktop folder...or any folder.

I know why. I messed up the instructions. Sorry. :blush:
I am gonna redo the instructions and change the settings for OTL again so please read them carefully. This scan will produce an OTL.txt file with very little in it and I don't need to see it. But it will generate a full Extras.txt log. Please post the Extras.txt log only.


Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • Vista /7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the greyed out None button<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist.<---Very Important
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt will open on the desktop and Extras.Txt will be minimized on the taskbar.
  • Please copy the contents of Extras.txt file and paste it into your next reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Extras.txt log
  • 0

#7
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
thank you again.

Here is the extras.txt log:


OTL Extras logfile created on: 8/1/2013 1:50:14 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.21% Memory free
6.18 Gb Paging File | 4.91 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 74.46 Gb Free Space | 54.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.90 Gb Free Space | 58.99% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [batchresizer] -- "C:\Program Files\Batch Picture Resizer\PicResizer.exe" "%1" (SoftOrbits)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19FA2DC9-84C4-4849-BB1F-60946DA9821F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{9A7CFB67-3EB7-4D9E-BC64-7320DDF0A133}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{A0B33120-C0CF-4568-8814-F29F93995398}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3E02FCC-4C52-4D2D-9779-A675640216C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C9ABAC-0F2E-4770-883A-9E9F8684C44B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{121CB465-78C4-4A08-9C79-82C37D06D60C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{18D5E75C-AF57-403D-B80E-0321BF05FF82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{22DA09DF-8574-41B7-9D4B-0FBED70BD1CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2EFD54FA-DC1D-4780-8942-957E6FB008AB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2F39DF12-A6A0-4AC2-A741-BDA7632711CA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3D7B7363-588A-49BD-8430-040E9084F0EA}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4BAD85C4-1062-4656-8138-84D8E5CD1E61}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{69B608FA-D8D0-438B-A316-11AD85F2D2D8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6A9F9BF4-A8D5-49EF-A061-847AD213BD00}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{7D2B2A2E-FE62-432D-9FD1-41C792D60196}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7EADB86C-6F9F-4D09-9765-4FDF6539ED4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9226D790-FE04-42CC-9BBF-B0EB461D7C63}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9A6F57F8-8C94-4D7B-8069-4C8C036B7448}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{A0276046-4811-4A16-9FDC-239224E50D1D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B33B2781-A1D0-4458-98B9-DB4DAA1B8D8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C42256E6-09BB-4A23-B208-464F0C66CDA9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D86DD6B5-F89C-40BB-9166-25A74BAAE237}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8A33F98-9E19-4D4C-8D2E-395C98ACC077}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{E7F8A8B2-92B8-4455-9C84-0751E3F6F7E4}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{EDEE4C4B-FA61-4DD1-9E66-66658A905C2F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 24
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.0.140
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BC6D5EAF-D314-4f47-8951-42CF14CB7316}" = dj_aio_corporate
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FD727056-F0C4-4811-9688-9EBF450D22C4}" = AXIS Media Control Embedded Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Batch Picture Resizer_is1" = Batch Picture Resizer 3.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"TurboTax 2012" = TurboTax 2012
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2013 4:58:24 PM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_LanmanServer, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0xf44, application start time 0x01ce8e28976596ad.

Error - 7/31/2013 6:00:59 PM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_LanmanServer, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0x27c4, application start time 0x01ce8e315597ebcd.

Error - 7/31/2013 6:23:11 PM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0x4c8, application start time 0x01ce8e3c6ad32e2e.

Error - 7/31/2013 6:23:14 PM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application quickset.exe, version 8.2.14.0, time stamp 0x46a14187,
faulting module quickset.exe, version 8.2.14.0, time stamp 0x46a14187, exception
code 0xc0000005, fault offset 0x0000afd6, process id 0x10e0, application start time
0x01ce8e3c80177cf2.

Error - 7/31/2013 6:27:29 PM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_Winmgmt, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0x1128, application start time 0x01ce8e3ca778d912.

Error - 8/1/2013 2:33:57 AM | Computer Name = Alan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/1/2013 2:34:01 AM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0x4b0, application start time 0x01ce8e80da632dcb.

Error - 8/1/2013 2:35:16 AM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application quickset.exe, version 8.2.14.0, time stamp 0x46a14187,
faulting module quickset.exe, version 8.2.14.0, time stamp 0x46a14187, exception
code 0xc0000005, fault offset 0x0000afd6, process id 0x1150, application start time
0x01ce8e81095b815e.

Error - 8/1/2013 2:37:23 AM | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_Winmgmt, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module FastProx.dll, version 6.0.6001.18226, time
stamp 0x49acb3cf, exception code 0xc0000005, fault offset 0x0003519b, process id
0x17a8, application start time 0x01ce8e814bb5602e.

Error - 8/1/2013 1:45:23 PM | Computer Name = Alan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/17/2013 7:01:54 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 19:01:54, Wed, Jul 17, 13 Error - Unable to gain access to user store


Error - 7/17/2013 8:55:25 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 20:55:24, Wed, Jul 17, 13 Error - Unable to gain access to user store


Error - 7/18/2013 12:42:34 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 12:42:33, Thu, Jul 18, 13 Error - Unable to gain access to user store


Error - 7/18/2013 3:38:39 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 15:38:38, Thu, Jul 18, 13 Error - Unable to gain access to user store


Error - 7/25/2013 4:56:52 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 16:56:51, Thu, Jul 25, 13 Error - Unable to gain access to user store


Error - 7/30/2013 9:32:06 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 21:32:06, Tue, Jul 30, 13 Error - Unable to gain access to user store


Error - 7/31/2013 2:32:48 AM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 02:32:47, Wed, Jul 31, 13 Error - Unable to gain access to user store


Error - 7/31/2013 12:35:57 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 12:35:56, Wed, Jul 31, 13 Error - Unable to gain access to user store


Error - 7/31/2013 1:57:54 PM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 13:57:53, Wed, Jul 31, 13 Error - Unable to gain access to user store


Error - 8/1/2013 2:32:18 AM | Computer Name = Alan-PC | Source = WLAN-Tray | ID = 0
Description = 02:32:18, Thu, Aug 01, 13 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 4/11/2011 10:37:36 AM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/14/2011 5:56:08 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/28/2012 1:03:34 AM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/20/2012 6:49:21 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/15/2012 6:50:16 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/15/2012 6:51:38 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/22/2012 9:16:36 AM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/22/2012 5:53:56 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/1/2013 9:01:27 PM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 7/15/2013 2:25:00 AM | Computer Name = Alan-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 6/2/2008 8:27:58 AM | Computer Name = Alan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1769
seconds with 180 seconds of active time. This session ended with a crash.

Error - 6/2/2008 8:59:45 AM | Computer Name = Alan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/2/2008 9:01:22 AM | Computer Name = Alan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.


Error encountered while reading event logs.

< End of report >
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's run a few other tools to make sure we got everything.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the adwcleaner.exe file and click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the mbam-setup.exe file and click Run as Administrator to install the application. Allow any UAC warnings you may get.

  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-5.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The JRT.txt log
3. The MalwareBytes log
4. The ESET log (IF it found anything.) If it didn't find anything just let me know.
5. The FSS.txt log
6. How is the computer running now?
  • 0

#9
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok. Thank you again! Here goes in the order you asked for:

1.

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 14:31:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Alan - ALAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Alan\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2650 octets] - [03/08/2013 14:31:08]

########## EOF - C:\AdwCleaner[S1].txt - [2710 octets] ##########

2.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by Alan on Sat 08/03/2013 at 14:42:15.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\installer
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/03/2013 at 14:48:43.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.03.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Alan :: ALAN-PC [administrator]

8/3/2013 3:02:24 PM
mbam-log-2013-08-03 (15-02-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369861
Time elapsed: 2 hour(s), 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

4.

Nothing found.

5.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.03.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Alan :: ALAN-PC [administrator]

8/3/2013 3:02:24 PM
mbam-log-2013-08-03 (15-02-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369861
Time elapsed: 2 hour(s), 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

6.

The computer seems to be running fine.
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

The computer seems to be running fine.

That's good to hear.
You posted the MBAM scan twice but didn't post the FSS.txt log. Please post that.
  • 0

Advertisements


#11
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

You posted the MBAM scan twice but didn't post the FSS.txt log. Please post that.


Sorry. Here you go:

Farbar Service Scanner Version: 26-07-2013
Ran by Alan (administrator) on 03-08-2013 at 19:48:27
Running from "C:\Users\Alan\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-26 19:52] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-10 20:56] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 18:05] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-09-29 17:48] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-09-29 17:46] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-09-29 17:48] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-09-29 17:47] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-09-29 17:48] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-09-29 17:45] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-16 16:44] - [2008-04-18 01:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-09-29 17:45] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-15 10:54] - [2010-02-18 10:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-11-20 13:58] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the FSS log. It shows that the Windows Update service isn't runing. It must have been broken for a long time because you only have SP1 on the computer.

Imoprtant Note: Windows Vista with Service Pack 1 (SP1) reached the end of support on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista Service Pack 1 (SP1). In order to stay secure and continue support you must upgrade to Service Pack 2 (SP2).

Once we get Windows Update working you still won't be able to install updates until SP2 is installed and that will most likely have to be done manually. The updates will then work again and you will probably have a bunch of them to install.


Step-1.

  • Open a command prompt. To do that:
    • Click the Start Orb.
    • In the Start Search box type cmd.exe and press the enter key. A black command window will open.
  • At the blinking cursor type the following commands and press the Enter key after each one (Notice the spaces, they need to be there):

    sc stop wuauserv
    sc config start= auto
    sc start wuauserv


    Did you get a message saying that the service had been stopped and configured and then started successfully? Or did you get a message complaining that the service couldn't be stopped or configuted of started?
  • Back at the blinking cursor type Exit and press the Enter key to close the Command Prompt.
  • Restart the computer.

Step-2.

Re-run the Farbar Service Scanner and post the FSS.txt log
  • 0

#13
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks again. Ran the commands and noticed something about not being able to be stopped.

Here is the FSS log:

Farbar Service Scanner Version: 26-07-2013
Ran by Alan (administrator) on 05-08-2013 at 15:11:04
Running from "C:\Users\Alan\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-26 19:52] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-10 20:56] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 18:05] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-09-29 17:48] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-09-29 17:46] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-09-29 17:48] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-09-29 17:47] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-09-29 17:48] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-09-29 17:45] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-16 16:44] - [2008-04-18 01:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-09-29 17:45] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-15 10:54] - [2010-02-18 10:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-11-20 13:58] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

Edited by Cowson1, 05 August 2013 - 05:21 PM.

  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The FSS scan doesn't show any problems with Windows Update service now. So let's get SP2 on the system now.


Step-1.

  • Please click here to go to the Microsoft download page for Windows Vista 32 bit SP2.
  • Make sure the language is correct and click the Download button and save the Windows6.0-KB948465-X86.exe file to the desktop.
  • Close the browser and all windows.
  • Disable your antivirus program.
  • Right click the Windows6.0-KB948465-X86.exe file and click Run as Administrator to install the service pack.
  • On the Welcome to Windows Vista Service Pack 2 page, click Next.
  • Follow the instructions on your screen. The computer might restart several times during the installation.
  • After installation is complete, log on to your computer at the Windows logon prompt. You'll receive a message indicating whether the update was successful.
Enable your antivirus software again.

If the service pack was installed successfully go on to Step 2.


Step-2.

Click the Start Orb and highlight All Programs.
In the list of programs that comes up find Windows Update and click it to open Windows Update.
Install all of the Critical and Important updates. The Optional updates are up to you.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how things went.
  • 0

#15
Cowson1

Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks. I got a message stating that installation was unsuccessful. "The remote procedure failed. Error:RPC_S_FAILED(0x800706be)"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP